Fix xdg user dirs (#186)

* Rename XDG_*_HOME to XDG_*_DIR for consistent naming * tunables/xdg-user-dirs.d/apparmor.d now includes 'apparmor.d.d' subfolder to permit user override
2024-11-14 23:43:56 +01:00 · 2023-08-17 18:28:10 +00:00 · 2023-08-17 18:28:10 +00:00 · cc8210a1bd
commit cc8210a1bd
parent e821470d0d
7 changed files with 30 additions and 28 deletions
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
@ -162,7 +162,7 @@ profile xdg-desktop-portal-gtk @{exec_path} {
  owner @{HOME}/ r,
  owner @{HOME}/.* r,
  owner @{HOME}/.icons/{,**} r,
-  owner @{HOME}/@{XDG_DATA_HOME}/ r,
+  owner @{HOME}/@{XDG_DATA_DIR}/ r,

  owner /tmp/runtime-*/xauth_?????? r,
  owner /tmp/xauth_?????? r,
--- a/apparmor.d/groups/freedesktop/xdg-permission-store
+++ b/apparmor.d/groups/freedesktop/xdg-permission-store
@ -46,7 +46,7 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) {

  @{exec_path} mr,

-  @{HOME}/@{XDG_DATA_HOME}/flatpak/db/gnome rw,
+  @{HOME}/@{XDG_DATA_DIR}/flatpak/db/gnome rw,

  owner @{user_share_dirs}/flatpak/ w,
  owner @{user_share_dirs}/flatpak/db/ rw,
--- a/apparmor.d/profiles-m-r/man
+++ b/apparmor.d/profiles-m-r/man
@ -104,10 +104,10 @@ profile man_filter {
  # there's no harm in allowing wide read access here since the worst it can
  # do is feed data to the invoking man process.
        /usr/** r,
-  owner @{HOME}/@{XDG_DATA_HOME}/** r,
+  owner @{HOME}/@{XDG_DATA_DIR}/** r,
  owner @{user_projects_dirs}/** r,
  owner @{user_cache_dirs}/** r,
-  owner @{MOUNTS}/*/@{XDG_DATA_HOME}/** r,
+  owner @{MOUNTS}/*/@{XDG_DATA_DIR}/** r,

  /var/cache/man/** w,

--- a/apparmor.d/profiles-s-z/syncthing
+++ b/apparmor.d/profiles-s-z/syncthing
@ -30,7 +30,7 @@ profile syncthing @{exec_path} {
  /usr/share/mime/globs2 r,

  owner @{HOME}/ r,
-  owner @{HOME}/@{XDG_DATA_HOME}/syncthing/{,**} rwk,
+  owner @{HOME}/@{XDG_DATA_DIR}/syncthing/{,**} rwk,
  owner @{user_config_dirs}/syncthing/{,**} rwk,

  /home/ r,
--- a/apparmor.d/tunables/home.d/apparmor.d
+++ b/apparmor.d/tunables/home.d/apparmor.d
@ -31,19 +31,19 @@
@{XDG_PASSWORD_STORE_DIR}=".password-store"

 # Definition of local user configuration directories
-@{XDG_CACHE_HOME}=".cache"
-@{XDG_CONFIG_HOME}=".config"
-@{XDG_DATA_HOME}=".local/share"
-@{XDG_STATE_HOME}=".local/state"
-@{XDG_BIN_HOME}=".local/bin"
-@{XDG_LIB_HOME}=".local/lib"
+@{XDG_CACHE_DIR}=".cache"
+@{XDG_CONFIG_DIR}=".config"
+@{XDG_DATA_DIR}=".local/share"
+@{XDG_STATE_DIR}=".local/state"
+@{XDG_BIN_DIR}=".local/bin"
+@{XDG_LIB_DIR}=".local/lib"

 # Full path of the user configuration directories
-@{user_cache_dirs}=@{HOME}/@{XDG_CACHE_HOME}
-@{user_config_dirs}=@{HOME}/@{XDG_CONFIG_HOME}
-@{user_state_dirs}=@{HOME}/@{XDG_STATE_HOME}
-@{user_bin_dirs}=@{HOME}/@{XDG_BIN_HOME}
-@{user_lib_dirs}=@{HOME}/@{XDG_LIB_HOME}
+@{user_cache_dirs}=@{HOME}/@{XDG_CACHE_DIR}
+@{user_config_dirs}=@{HOME}/@{XDG_CONFIG_DIR}
+@{user_state_dirs}=@{HOME}/@{XDG_STATE_DIR}
+@{user_bin_dirs}=@{HOME}/@{XDG_BIN_DIR}
+@{user_lib_dirs}=@{HOME}/@{XDG_LIB_DIR}

 # User build directories and output
@{user_build_dirs}="/tmp/"
--- a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d
+++ b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d
@ -20,3 +20,5 @@
@{user_templates_dirs}=@{HOME}/@{XDG_TEMPLATES_DIR} @{MOUNTS}/@{XDG_TEMPLATES_DIR}
@{user_videos_dirs}=@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}
@{user_vm_shares}=@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR}
+
+include if exists <tunnables/xdg-user-dirs.d/apparmor.d.d>
--- a/docs/variables.md
+++ b/docs/variables.md
@ -32,23 +32,23 @@ title: Variables References
 | SSH | `@{XDG_SSH_DIR}` | `.ssh` |
 | GPG | `@{XDG_GPG_DIR}` | `.gnupg` |
 | Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` |
-| Cache | ` @{XDG_CACHE_HOME}` | `.cache` |
-| Config | `@{XDG_CONFIG_HOME}` | `.config` |
-| Data | `@{XDG_DATA_HOME}` | `.local/share` |
-| State | `@{XDG_STATE_HOME}` | `.local/state` |
-| Bin | `@{XDG_BIN_HOME}` | `.local/bin` |
-| Lib | `@{XDG_LIB_HOME}` | `.local/lib` |
+| Cache | ` @{XDG_CACHE_DIR}` | `.cache` |
+| Config | `@{XDG_CONFIG_DIR}` | `.config` |
+| Data | `@{XDG_DATA_DIR}` | `.local/share` |
+| State | `@{XDG_STATE_DIR}` | `.local/state` |
+| Bin | `@{XDG_BIN_DIR}` | `.local/bin` |
+| Lib | `@{XDG_LIB_DIR}` | `.local/lib` |

 ### Full configuration path

 | Description | Name | Value |
 |-------------|:----:|---------|
-| Cache | `@{user_cache_dirs}` | `@{HOME}/@{XDG_CACHE_HOME}` |
-| Config | `@{user_config_dirs}` | `@{HOME}/@{XDG_CONFIG_HOME}` |
-| Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_HOME}` |
-| State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_HOME}` |
-| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_HOME}` |
-| Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_HOME}` |
+| Cache | `@{user_cache_dirs}` | `@{HOME}/@{XDG_CACHE_DIR}` |
+| Config | `@{user_config_dirs}` | `@{HOME}/@{XDG_CONFIG_DIR}` |
+| Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_DIR}` |
+| State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_DIR}` |
+| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` |
+| Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_DIR}` |
 | Build | `@{user_build_dirs}` | `/tmp/` |
 | Tmp | `@{user_tmp_dirs}` | `@{run}/user/@{uid} /tmp/` |
 | Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` |